DETAILED ACTION

1. This Office Action is responding to the RCE received on 08/22/06.

2. Claims 19-20 are newly added claims.

3. Claims 1-20 are pending.



Claim Rejections - 35 USC § 103 



4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Hind et al, US Patent No. 6772331 B1, hereinafter "Hind", in view of Dondeti et al, 
US Patent No. 7013389, hereinafter "Dondeti". 

6. As per claim 1: 

Hind teaches "A branding process to establish a trust web of networked computing 
devices on an open multi-access network, comprising: 

"Securely networking a security-uninitialized device with a branding device via a 
secured network medium" in (Col 9 lines 25-40); 

"Electronically imprinting the security-uninitialized device with group membership 
and cryptographic key data by the branding device via the secured network medium" in 
(Col 9 lines 25-40), "the cryptographic key data for verifying group membership 
information provided by other devices on the open multi-access network to the security- 
uninitialized device are authenticated by the branding device" in (Col 9 lines 15-60, 
creating a trust between the devices); and 

"Initializing the security-uninitialized device to use the cryptographic key data to 
authenticate group membership of other devices interacting with security-un-initialized 
device on the open multi-access network, and to provide the security-uninitialized 
device is a member of the trust web, such that at least some interaction via the open 
multi-access network with the security-uninitialized device is cryptographically secured 
to only other devices in the trust web" in (Col 10 lines 18-29, and Col 11 line 5 to Col 12 
line 20 and Col 9 lines 35-60). Hind further teaches of having additional fields including 
user group associations, access control groups in the signed certificate. 

However, Hind does not specifically disclose a method of utilizing the group 
membership information with other branded devices in an open multi-access network. 

Nevertheless, Dondeti discloses the "Dual Encryption Protocol for scalable 
secure group communication" invention, which includes a method of joining an 
un-initialized device into a group by providing a group membership certificate to the 
un-initialized device. The initialized device with the group membership certificate can send 
the group membership certificate to other members in the group for authentication 
(Col 4 line 57 to Col 5 line 21). 

Therefore, it would have been obvious at the time the invention was made for 
one having ordinary skill in the art to modify Hind's invention to incorporate Dondeti's 
teaching to implement the group joining between group members without interposing a 
central authority. 

7. As per claims 2 and 13: 

Hind teaches "A branding process to establish cryptographically secured interaction 
among networked computing devices within a trust group on an open multi-access 
network, comprising: 

securely networking a security-un-initialized device with a branding device via a secured 
network medium (Col 9 lines 25-40); 

transmitting a branding certificate from the branding device to the security-un-initialized 
device via the secured network medium (Col 9 lines 25-40), the branding certificate 
instructing that the security-un-initialized device trust the branding device (Col 9 lines 
15-60, creating a trust between the devices), the branding certificate further containing 
key data for verifying certificates provided by other devices on the open multi-access 
network to the security-un-initialized device are authenticated by the branding device 
(Col 9 lines 35-60); 

transmitting a trust group membership certificate signed by the branding device to the 
security-un-initialized device via the secured network medium, the trust group 
membership certificate containing a signed group name as well as a signed key 
identifying the security-un-initialized device such that, when the security-un-initialized 
device sends the trust group certificate to a branded device which is a member of the 
trust group, the trust group certificate is validated by the branded device, and the 
branded device verifies that the security-un-initialized device is a member of the trust 
group of devices referred to by the group name (Col 10 lines 18-29); and 
initializing a security resolver of the security-un-initialized device to use the key data of 
the branding certificate to authenticate other devices interacting with the security-un- 
initialized device on the open multi-access network are in the trust group (Col 10 lines 
18-29, and Col 11 line 5 to Col 12 line 20), and to provide the trust group membership 
certificate to such other devices as authentication that the security-un-initialized device 
is a member of the trust group (Col 10 lines 18-29), such that at least some interaction 
via the open multi-access network with the security-un-initialized device is 
cryptographically secured to only other devices in the trust group (Col 9 lines 15-60)". 
Hind further teaches of having additional fields including user group associations, 
access control groups in the signed certificate. 

However, Hind does not specifically disclose a method of utilizing the group 
membership information with other branded devices in an open multi-access network. 

Nevertheless, Dondeti discloses the "Dual Encryption Protocol for scalable 
secure group communication" invention, which includes a method of joining an 
un-initialized device into a group by providing a group membership certificate to the 
un-initialized device. The group membership certificate also includes group identity and 
other information to further authenticate the un-initialized device to a group (See Figure 
3 & 4 and Col 5 lines 1-20). The initialized device with the group membership certificate 
can send the group membership certificate to other members in the group for 
authentication (Col 4 line 57 to Col 5 line 21). 

Therefore, it would have been obvious at the time the invention was made for 
one having ordinary skill in the art to modify Hind's invention to incorporate Dondeti's 
teaching to implement the group joining between group members without interposing a 
central authority. 

8. As per claim 3: 

Hind and Dondeti teach "The branding process of claim 2 wherein securely networking 
the security-un-initialized and branding devices comprises networking the devices via a 
limited access network interface of the security-un-initialized device that is separate 
from the security-un-initialized device's interface to the open multi-access network" (Col 
11 lines 5-65). 

9. As per claim 4: 

Hind and Dondeti teach "The branding process of claim 3 wherein the limited access 
network interface is of a direct device-to-device wired networking medium" (Col 1 line 65 
to Col 2 line 1). 

10. As per claim 5: 

Hind and Dondeti teach "The branding process of claim 3 wherein the limited access 
network interface is of a directional wireless networking medium" in (Col 1 line 55 to Col 
2 line 10). 

11. As per claim 6: 

Hind and Dondeti teach "The branding process of claim 2 wherein securely networking 
the security-un-initialized and branding devices comprises: placing transmitter/receivers 
of the security-un-initialized and branding devices for an omni-directional wireless 
networking medium into a wave guide and/or Faraday cage; and networking the devices 
with the wave guide and/or Faraday cage via the omni-directional wireless networking 
medium" in (Col 1 line 55 to Col 2 line 10). 

12. As per claim 7: 

Hind and Dondeti teach "The branding process of claim 2 further comprising: 
transmitting a principal identifier from the branding device to the security-un-initialized 
device, the principal identifier providing a cryptographically secured identity to the 
security-un-initialized device, the principal identifier containing a public/private key pair; 
and using the public/private key pair to encrypt interaction of the security-un-initialized 
device with said other devices authenticated to be in the trust group" in (Col 11 lines 5-65). 



13. As per claim 8: 

Hind and Dondeti teach "The branding process of claim 7 wherein the principal identifier 
further contains a name for the security-un-initialized device, the process further 
comprising identifying the security-un-initialized device to human operators using the 
name" in (Col 12 lines 45-65). 

14. As per claim 9: 

Hind and Dondeti teach "The branding process of claim 8 further comprising prompting 
a human user of the branding device to enter the name upon performing the branding 
process on the security-un-initialized device" in (Col 12 lines 45-65). 



15. As per claim 10: 

Hind and Dondeti teach "The branding process of claim 2 further comprising initially 
distributing the security-un-initialized device in a retail channel prior to having the 
branding process performed on the security-un-initialized device" in (Col 5 lines 25). 



Application/Control Number: 09/882,491 Page 9 

Art Unit: 2135 

16. As per claim 11: 

Hind and Dondeti teach "The branding process of claim 10 further comprising upon 
completion of initializing the security resolver, disallowing the security-un-initialized 
device from having the branding process again performed on the security-un-initialized 
device until the now initialized security of the security-un-initialized device is reset" in 
(Col 13 lines 35-43). 

17. As per claim 12: 

Hind and Dondeti teach "The branding process of claim 10 further comprising upon 
completion of initializing the security resolver, allowing the branding process to be 
performed only via a limited access network interface of the security-un-initialized 
device" in (Col 4 line 53 to Col 5 line 5). 

18. As per claim 14: 

Hind and Dondeti teach "The networked computing device of claim 13 further 
comprising: a limited access networking interface; and the security initializer further 
operational to accept the branding public key when received from the branding device 
only via the limited access networking interface" in (Col 11 lines 5-45). 

19. As per claim 15: 

Hind and Dondeti teach "The networked computing device of claim 13 further 
comprising: the security initializer further operational to accept the branding public key 
when received from the branding device via the network interface when in an initial 
unbranded state; and a branding reset operational upon activation to return the security 
initializer to the initial unbranded state" in (Col 13 lines 35-43). 

20. As per claim 16: 

Hind and Dondeti teach "The networked computing device of claim 13 further 
comprising: a branding mode activator operational to place the networked computing 
device in a branding mode; and the security initializer further operational to accept the 
branding public key when received from the branding device via the network interface 
when in the branding mode" in (Col 11 lines 5-45). 

21. As per claim 17: 

Hind and Dondeti teach "The networked computing device of claim 13 further 
comprising: the security resolver further operational when initialized with a trust group 
membership certificate to provide the trust group membership certificate to other 
devices via the network interface to attest to membership of the networked computing in 
the trust group; and the security initializer further operational to receive the trust group 
membership certificate from the branding device while securely networked to the 
networked computing device, and further operational to initialize the security resolver 
with the trust group membership certificate" in (Col 9 lines 15-65, and Col 10 lines 24- 
30). 

22. As per claim 18: 

Hind and Dondeti teach "The networked computing device of claim 13 further 
comprising: the security resolver further operational when initialized with a public/private 
key pair to encrypt interaction via the network interface with other devices authenticated 
as in the trust group using the public/private key pair; and the security initializer further 
operational to receive the public/private key pair from the branding device while 
securely networked to the networked computing device, and further operational to 
initialize the security resolver with the public/private key pair" in (Col 11 lines 5-65). 

23. As per claim 19: 

Dondeti discloses "The branding process of claim 1, wherein the group 
membership information comprises a certificate signed by the branding device and 
containing a signed group name as well as signed information naming the security-un- 
initialized device such that, when the security-un-initialized device provides the 
certificate to a branded device which is a member of the trust web, the certificate is 
validated by the branded device, and the branded device verifies that the 
security-un-initialized device named in the certificate is a member of the trust group of devices 
referred to by the group name" in (Col 4 line 57 to Col 5 line 21). 

24. As per claim 20: 

Dondeti discloses "The networked computing device of claim 13, wherein: 

Each trust group membership certificate is sent by an other device and each trust 
group membership certificate comprises: 

A signed name for a trust group (Group Name or group ID); 

A signed identifier (host public key, Host ID) for the other devices sending the 
trust group membership certificate" in (Figure 1, 3); and 

"The security resolver is configured to authenticate trust group membership 
certificates by: 

Authenticating, from the trust group membership certificate, the signed 
name for the trust group and the signed identifier for the other device sending the trust 
group membership certificate using the branding public key" in (Col 6 lines 10-55); and 

"Wherein the signed name for a trust group matches the trust group, 
verifying that the other device sending the trust group membership certificate is a 
member of the trust group" in (Col 5 lines 1-20). 

25. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Linh LD Son whose telephone number is 
571-272-3856. The examiner can normally be reached on 9-6 (M-F). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Linh LD Son 
Examiner 
Art Unit 2135 




